Microsoft puts Windows 3.11 for Workgroups out to pasture

After fifteen years and God knows how many copies sold, Windows 3.11 has …

Microsoft operating systems almost never actually die, preferring instead to fade away into the mists of antiquity, but as of November 1, Windows for Workgroups 3.11 is finally, officially, totally dead at the age of 15 (though we can bump that backwards if you prefer to count from the original Windows 3.0). Long after it was supplanted on the desktop by the likes of NT 4.0 and/or Windows 95, Windows for Workgroups 3.11 lived on in the embedded market, powering various point-of-sale terminals, cash registers, and long-haul entertainment systems in certain Virgin and Quantas jets. All of this has come to an end, and Microsoft will no longer sell embedded licenses for the operating system.

It's doubtful that anyone out there will long miss the ancient operating system, but it seems at least a handful of people still experiment with it from time to time. In an interview with the BBC, Stefan Burka, of the GUI Documentation Project, was surprised at how functional the OS still was. "With patched SVGA driver for 1024x768 resolution, Internet Explorer 5, WinZIP, VfW and Video Player, it was still useful," he said. "The desktop was ready after a few seconds loading time."

That last bit is scarcely surprising, considering the entire DOS kernel + Windows 3.11 GUI could probably fit in a modern processor's L2 cache, with room to spare for drivers. Surfing the Internet on IE5, meanwhile, might turn out to be surprisingly safe. That particular browser might have more security holes than a sieve, but what malware these days would properly recognize and function in a Windows 3.11 environment—and if it did, would the computer in question be fast enough to run it? Such questions might even lead to a new trend, call it "security through antiquity."

The final gasps of Windows 3.11 don't just signal the end of an era, they raise questions regarding the long-term security of next-generation embedded systems. Part of what protects the security of the embedded systems still using WfW 3.11 is the fact that they (and the OS they use) were not designed in an age when device networking and interdevice communication was even half as common as it is today. If you listen to Intel or Microsoft's definition of an embedded system today, the user experience (and the terminal's capabilities) are light-years beyond simple ASCII screens and a menu of four push-button options.

These "rich" access points/devices offer significantly more features and better displays than what came before them, but updating and securing the operating system that powers such devices could be a decades-long task. The fact that companies have continued to buy WfW 3.11 some 15 years after launch implies that some part of the lifecycle for the devices that run it is extremely long. This could be because the devices themselves remain in good operational order for decades, because software updates and OS switches are extremely slow, or because the cost of acquiring newer, upgraded systems is prohibitively high.

WIndows 7 is currently set to arrive in the late-2009/early-2010 timeframe, so it's fair to ask if we'll be seeing similar end-of-life notices for it (or Windows XP Embedded) come 2023. Some of you readers, I know, have a great deal of experience in the embedded market—do you think the growth of what I'll call rich embedded devices will require longer security cycles and careful planning to insure that the increased security requirements of later years don't overwhelm initial hardware? Alternatively, is there any argument for security through antiquity—specifically, that as these devices deprecate and are shifted into low-end, low-security functions, they become less desirable as targets, and therefore maintain a level of safety regardless of how easy they are to penetrate?